Lucene search

MitreCVE-2006-3554

HistoryJul 13, 2006 - 12:05 a.m.

CVE-2006-3554

2006-07-1300:05:00

mitre

web.nvd.nist.gov

cve

2006

3554

directory traversal

mkportal

vulnerability

remote attackers

arbitrary local files

language cookie

gl_session

php sequences

error.log

ind parameter

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.009

Percentile

82.4%

JSON

Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter.

Affected configurations

Nvd

Node

mkportalmkportalMatch1.0.1_final

VendorProductVersionCPE
mkportalmkportal1.0.1_finalcpe:2.3:a:mkportal:mkportal:1.0.1_final:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mkportal	mkportal	1.0.1_final	cpe:2.3:a:mkportal:mkportal:1.0.1_final:::::::*

References

secunia.com/advisories/20884

securityreason.com/securityalert/1234

securitytracker.com/id?1016403

www.securityfocus.com/archive/1/438614/100/100/threaded

www.securityfocus.com/bid/18707

www.vupen.com/english/advisories/2006/2598

www.worlddefacers.de/Public/WD-MKP.txt

exchange.xforce.ibmcloud.com/vulnerabilities/27451

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.009

Percentile

82.4%

JSON

Related for CVE-2006-3554